Viator

  • $200 – $4,500 per vulnerability
  • Partial safe harbor

Throttling Requests on Certain URLS now out of Scope

Effective immediately, vulnerabilities related to throttling requests across partner.viator.com and partners.viator.com and their subdomains are now out of scope.
This includes mass account creation, repeated signup/login attempts, repeated triggering of built in emails (like reset password / welcome etc.).

Any pending submissions submitted before the out of scope changes will be reviewed and processed accordingly.

If you have any questions on the change in the scope, please reach out to support@bugcrowd.com.